@fabasoad/sarif-to-slack 1.3.4 → 1.4.0

package/src/SarifToSlackClient.ts

@@ -1,30 +1,30 @@
-import { promises as fs } from 'node:fs'
-import type { Log } from 'sarif'
-import Logger from './Logger'
+import { promises as fs } from 'node:fs';
+import type { Log } from 'sarif';
+import Logger from './Logger';
 import {
   type RunData,
   type SarifModel,
   type SarifOptions,
   type SarifToSlackClientOptions,
   SecurityLevel,
-  SecuritySeverity
-} from './types'
-import { logMetadata } from './system'
-import { extractListOfFiles } from './utils/FileUtils'
-import { createRepresentation } from './representations/RepresentationFactory'
-import { createFinding } from './model/Finding'
-import { findToolComponent, findToolComponentDriver } from './utils/SarifUtils'
-import { identifyColor } from './model/color/ColorIdentification'
-import FindingArray from './model/FindingArray'
-import { createSlackMessage, type SlackMessage } from './model/SlackMessage'
-import { SendIf, sendIfLogMessage } from './model/SendIf'
+  SecuritySeverity,
+} from './types';
+import { logMetadata } from './system';
+import { extractListOfFiles } from './utils/FileUtils';
+import { createRepresentation } from './representations/RepresentationFactory';
+import { createFinding } from './model/Finding';
+import { findToolComponent, findToolComponentDriver } from './utils/SarifUtils';
+import { identifyColor } from './model/color/ColorIdentification';
+import FindingArray from './model/FindingArray';
+import { createSlackMessage, type SlackMessage } from './model/SlackMessage';
+import { SendIf, sendIfLogMessage } from './model/SendIf';
+import { globalState } from './globalState';
 
 /**
  * Service to convert SARIF files to Slack messages and send them.
  * @public
  */
 export class SarifToSlackClient {
-  private readonly _logger = new Logger('SarifToSlackClient');
   private _message?: SlackMessage;
   private _sarifModel?: SarifModel;
 
@@ -52,8 +52,12 @@ export class SarifToSlackClient {
    * @public
    */
   public static async create(webhookUrl: string, opts: SarifToSlackClientOptions): Promise<SarifToSlackClient> {
+    globalState.loggerOpts = opts.loggerOptions;
+
+    const logger = new Logger();
+    logger.trace(opts);
+
     const instance = new SarifToSlackClient();
-    instance._logger.trace(opts);
     instance._sendIf = opts.sendIf ?? instance._sendIf;
     instance._sarifModel = await SarifToSlackClient.buildModel(opts.sarif);
     instance._message = await SarifToSlackClient.initialize(webhookUrl, opts, instance._sarifModel);
@@ -61,35 +65,35 @@ export class SarifToSlackClient {
   }
 
   private static async buildModel(sarifOpts: SarifOptions): Promise<SarifModel> {
-    const sarifFiles: string[] = extractListOfFiles(sarifOpts)
+    const sarifFiles: string[] = extractListOfFiles(sarifOpts);
     if (sarifFiles.length === 0) {
-      throw new Error(`No SARIF files found at the provided path: ${sarifOpts.path}`)
+      throw new Error(`No SARIF files found at the provided path: ${sarifOpts.path}`);
     }
 
-    const model: SarifModel = { sarifFiles, runs: [], findings: new FindingArray() }
-    const runIdGenerator: Generator<number> = SarifToSlackClient.createRunIdGenerator()
+    const model: SarifModel = { sarifFiles, runs: [], findings: new FindingArray() };
+    const runIdGenerator: Generator<number> = SarifToSlackClient.createRunIdGenerator();
     for (const sarifPath of sarifFiles) {
-      const sarifJson: string = await fs.readFile(sarifPath, 'utf8')
-      const sarifLog: Log = JSON.parse(sarifJson) as Log
+      const sarifJson: string = await fs.readFile(sarifPath, 'utf8');
+      const sarifLog: Log = JSON.parse(sarifJson) as Log;
 
       for (const run of sarifLog.runs) {
-        const runId: IteratorResult<number> = runIdGenerator.next()
-        let runMetadata: RunData | undefined
+        const runId: IteratorResult<number> = runIdGenerator.next();
+        let runMetadata: RunData | undefined;
         for (const result of run.results ?? []) {
           runMetadata = {
             id: runId.value,
             run,
-            toolName: findToolComponent(run, result).name
-          }
-          model.findings.push(createFinding({ sarifPath, result, runMetadata }))
+            toolName: findToolComponent(run, result).name,
+          };
+          model.findings.push(createFinding({ sarifPath, result, runMetadata }));
         }
         runMetadata ??= {
-          id: runId.value, run, toolName: findToolComponentDriver(run).name
-        }
-        model.runs.push(runMetadata)
+          id: runId.value, run, toolName: findToolComponentDriver(run).name,
+        };
+        model.runs.push(runMetadata);
       }
     }
-    return model
+    return model;
   }
 
   /**
@@ -112,20 +116,20 @@ export class SarifToSlackClient {
       iconUrl: opts.iconUrl,
       color: identifyColor(sarifModel.findings, opts.color),
       representation: createRepresentation(sarifModel, opts.representation),
-    })
+    });
     if (opts.header?.include) {
-      message.withHeader(opts.header?.value)
+      message.withHeader(opts.header?.value);
     }
     if (opts.footer?.include) {
-      message.withFooter(opts.footer?.value, opts.footer?.type)
+      message.withFooter(opts.footer?.value, opts.footer?.type);
     }
     if (opts.actor?.include) {
-      message.withActor(opts.actor?.value)
+      message.withActor(opts.actor?.value);
     }
     if (opts.run?.include) {
-      message.withRun()
+      message.withRun();
     }
-    return message
+    return message;
   }
 
   /**
@@ -136,75 +140,76 @@ export class SarifToSlackClient {
    */
   public async send(): Promise<void> {
     if (this._sarifModel == null) {
-      throw new Error('Could not parse SARIF file(s).')
+      throw new Error('Could not parse SARIF file(s).');
     }
+    const logger = new Logger();
     if (this.shouldSendMessage) {
       if (this._message == null) {
-        throw new Error('Slack message was not prepared.')
+        throw new Error('Slack message was not prepared.');
       }
-      const text: string = await this._message.send()
-      this._logger.info('Message sent. Status:', text)
+      const text: string = await this._message.send();
+      logger.info('Message sent. Status:', text);
     } else {
-      this._logger.info(sendIfLogMessage(this._sendIf))
+      logger.info(sendIfLogMessage(this._sendIf));
     }
   }
 
   private get shouldSendMessage(): boolean {
     if (this._sendIf == null) {
-      return true
+      return true;
     }
 
     switch (this._sendIf) {
       case SendIf.SeverityCritical:
-        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Critical) != null
+        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Critical) != null;
       case SendIf.SeverityHigh:
-        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.High) != null
+        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.High) != null;
       case SendIf.SeverityHighOrHigher:
-        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.High)
+        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.High);
       case SendIf.SeverityMedium:
-        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Medium) != null
+        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Medium) != null;
       case SendIf.SeverityMediumOrHigher:
-        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.Medium)
+        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.Medium);
       case SendIf.SeverityLow:
-        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Low) != null
+        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Low) != null;
       case SendIf.SeverityLowOrHigher:
-        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.Low)
+        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.Low);
       case SendIf.SeverityNone:
-        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.None) != null
+        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.None) != null;
       case SendIf.SeverityNoneOrHigher:
-        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.None)
+        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.None);
       case SendIf.SeverityUnknown:
-        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Unknown) != null
+        return this._sarifModel?.findings.findByProperty('severity', SecuritySeverity.Unknown) != null;
       case SendIf.SeverityUnknownOrHigher:
-        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.Unknown)
+        return !!this._sarifModel?.findings.hasSeverityOrHigher(SecuritySeverity.Unknown);
       case SendIf.LevelError:
-        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Error) != null
+        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Error) != null;
       case SendIf.LevelWarning:
-        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Warning) != null
+        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Warning) != null;
       case SendIf.LevelWarningOrHigher:
-        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.Warning)
+        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.Warning);
       case SendIf.LevelNote:
-        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Note) != null
+        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Note) != null;
       case SendIf.LevelNoteOrHigher:
-        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.Note)
+        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.Note);
       case SendIf.LevelNone:
-        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.None) != null
+        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.None) != null;
       case SendIf.LevelNoneOrHigher:
-        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.None)
+        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.None);
       case SendIf.LevelUnknown:
-        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Unknown) != null
+        return this._sarifModel?.findings.findByProperty('level', SecurityLevel.Unknown) != null;
       case SendIf.LevelUnknownOrHigher:
-        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.Unknown)
+        return !!this._sarifModel?.findings.hasLevelOrHigher(SecurityLevel.Unknown);
       case SendIf.Always:
-        return true
+        return true;
       case SendIf.Some:
-        return (this._sarifModel?.findings.length ?? 0) > 0
+        return (this._sarifModel?.findings.length ?? 0) > 0;
       case SendIf.Empty:
-        return (this._sarifModel?.findings.length ?? 0) === 0
+        return (this._sarifModel?.findings.length ?? 0) === 0;
       case SendIf.Never:
-        return false
+        return false;
       default:
-        throw new Error(`Unknown sendIf parameter: ${this._sendIf}`)
+        throw new Error(`Unknown sendIf parameter: ${this._sendIf}`);
     }
   }
 }

package/src/globalState.ts

@@ -0,0 +1,11 @@
+import type { LoggerOptions } from './types';
+
+/**
+ * Global state for appsec-findings-summary.
+ * @internal
+ */
+export type GlobalState = {
+  loggerOpts?: LoggerOptions,
+}
+
+export const globalState: GlobalState = {};

package/src/index.ts

@@ -63,6 +63,13 @@
  *   },
  *   representation: RepresentationType.CompactGroupByToolNamePerSeverity,
  *   sendIf: SendIf.MediumOrHigher,
+ *   loggerOptions: {
+ *     logFunctionName: false,
+ *     minLevel: 'debug',
+ *     name: 'my-app',
+ *     stylePrettyLogs: true,
+ *     prettyLogTemplate: '[{{logLevelName}}] [{{name}}] {{dateIsoStr}} ',
+ *   },
  * });
  * await client.send();
  * ```
@@ -71,22 +78,26 @@
  *
  * @packageDocumentation
  */
-export { Color } from './model/color/Color'
-export {
+export { Color } from './model/color/Color';
+export type {
   ColorOptions,
   ColorGroupCommon,
   ColorGroupByLevel,
   ColorGroupBySeverity
-} from './model/color/ColorOptions'
-export { SendIf } from './model/SendIf'
-export { SarifToSlackClient } from './SarifToSlackClient'
+} from './model/color/ColorOptions';
+export { SendIf } from './model/SendIf';
+export { SarifToSlackClient } from './SarifToSlackClient';
 export {
-  FooterOptions,
+  type FooterOptions,
+  type IncludeAwareOptions,
+  type IncludeAwareWithValueOptions,
+  type LogLevel,
+  type LoggerOptions,
+  type SarifFileExtension,
+  type SarifOptions,
+  type SarifToSlackClientOptions,
   FooterType,
-  IncludeAwareOptions,
-  IncludeAwareWithValueOptions,
+  LogLevelItems,
   RepresentationType,
-  SarifFileExtension,
-  SarifOptions,
-  SarifToSlackClientOptions
-} from './types'
+  SarifFileExtensionItems,
+} from './types';

package/src/model/Finding.ts

@@ -1,8 +1,8 @@
-import type { ReportingDescriptor, Result } from 'sarif'
-import { type RunData, SecurityLevel, SecuritySeverity } from '../types'
-import Logger from '../Logger'
-import type { CommonProcessor } from '../processors/CommonProcessor'
-import { createProcessor } from '../processors/ProcessorFactory'
+import type { ReportingDescriptor, Result } from 'sarif';
+import { type RunData, SecurityLevel, SecuritySeverity } from '../types';
+import Logger from '../Logger';
+import type { CommonProcessor } from '../processors/CommonProcessor';
+import { createProcessor } from '../processors/ProcessorFactory';
 
 /**
  * Parameters that are needed for the new {@link Finding} instance creation.
@@ -33,7 +33,7 @@ export default interface Finding {
  * @internal
  */
 export function createFinding(opts: FindingOptions): Finding {
-  return new FindingImpl(opts)
+  return new FindingImpl(opts);
 }
 
 /**
@@ -43,7 +43,6 @@ export function createFinding(opts: FindingOptions): Finding {
  * @private
  */
 class FindingImpl implements Finding {
-  private readonly _logger = new Logger('FindingImpl');
   private readonly _runMetadata: RunData;
   private readonly _result: Result;
   private readonly _sarifPath: string;
@@ -57,82 +56,84 @@ class FindingImpl implements Finding {
   private _levelCache: Result.level | undefined = undefined;
 
   constructor(opts: FindingOptions) {
-    this._processor = createProcessor(opts.runMetadata.run, opts.result)
-    this._sarifPath = opts.sarifPath
-    this._runMetadata = opts.runMetadata
-    this._result = opts.result
-    this._rule = this._processor.tryFindRule()
+    this._processor = createProcessor(opts.runMetadata.run, opts.result);
+    this._sarifPath = opts.sarifPath;
+    this._runMetadata = opts.runMetadata;
+    this._result = opts.result;
+    this._rule = this._processor.tryFindRule();
   }
 
   clone(): Finding {
     return createFinding({
       sarifPath: this._sarifPath,
       runMetadata: this._runMetadata,
-      result: this._result
-    })
+      result: this._result,
+    });
   }
 
   public get sarifPath(): string {
-    return this._sarifPath
+    return this._sarifPath;
   }
 
   public get runId(): number {
-    return this._runMetadata.id
+    return this._runMetadata.id;
   }
 
   public get toolName(): string {
-    return this._processor.findToolComponent().name
+    return this._processor.findToolComponent().name;
   }
 
   public get cvssScore(): number | undefined {
     if (!this._cvssScoreCacheProcessed) {
-      this._cvssScoreCacheProcessed = true
-      this._cvssScoreCache = this._processor.tryFindCvssScore()
+      this._cvssScoreCacheProcessed = true;
+      this._cvssScoreCache = this._processor.tryFindCvssScore();
     }
-    return this._cvssScoreCache
+    return this._cvssScoreCache;
   }
 
   public get level(): SecurityLevel {
     if (!this._levelCacheProcessed) {
-      this._levelCacheProcessed = true
-      this._levelCache = this._processor.tryFindLevel()
+      this._levelCacheProcessed = true;
+      this._levelCache = this._processor.tryFindLevel();
     }
 
     if (this._levelCache === undefined) {
-      this._logger.debug(`Unknown level of ${this._rule?.id} rule`)
-      return SecurityLevel.Unknown
+      const logger = new Logger();;
+      logger.debug(`Unknown level of ${this._rule?.id} rule`);
+      return SecurityLevel.Unknown;
     }
 
     switch (this._levelCache) {
-      case 'error': return SecurityLevel.Error
-      case 'warning': return SecurityLevel.Warning
-      case 'note': return SecurityLevel.Note
-      default: return SecurityLevel.None
+      case 'error': return SecurityLevel.Error;
+      case 'warning': return SecurityLevel.Warning;
+      case 'note': return SecurityLevel.Note;
+      default: return SecurityLevel.None;
     }
   }
 
   public get severity(): SecuritySeverity {
     if (this.cvssScore == null || this.cvssScore < 0 || this.cvssScore > 10) {
-      this._logger.debug(`Unsupported CVSS score ${this.cvssScore} in ${this._rule?.id} rule`)
-      return SecuritySeverity.Unknown
+      const logger = new Logger();
+      logger.debug(`Unsupported CVSS score ${this.cvssScore} in ${this._rule?.id} rule`);
+      return SecuritySeverity.Unknown;
     }
 
     if (this.cvssScore >= 9) {
-      return SecuritySeverity.Critical
+      return SecuritySeverity.Critical;
     }
 
     if (this.cvssScore >= 7) {
-      return SecuritySeverity.High
+      return SecuritySeverity.High;
     }
 
     if (this.cvssScore >= 4) {
-      return SecuritySeverity.Medium
+      return SecuritySeverity.Medium;
     }
 
     if (this.cvssScore >= 0.1) {
-      return SecuritySeverity.Low
+      return SecuritySeverity.Low;
     }
 
-    return SecuritySeverity.None
+    return SecuritySeverity.None;
   }
 }

package/src/model/FindingArray.ts

@@ -1,6 +1,6 @@
-import type Finding from './Finding'
-import { SecurityLevel, SecuritySeverity } from '../types'
-import ExtendedArray from '../utils/ExtendedArray'
+import type Finding from './Finding';
+import { SecurityLevel, SecuritySeverity } from '../types';
+import ExtendedArray from '../utils/ExtendedArray';
 
 /**
  * This class represents an array of {@link Finding} objects and adds additional
@@ -14,7 +14,7 @@ export default class FindingArray extends ExtendedArray<Finding> {
       .values(SecuritySeverity)
       .filter((v: string | SecuritySeverity): v is SecuritySeverity => typeof v === 'number')
       .filter((v: SecuritySeverity): boolean => v >= severity)
-      .some((v: SecuritySeverity): boolean => this.findByProperty('severity', v) != null)
+      .some((v: SecuritySeverity): boolean => this.findByProperty('severity', v) != null);
   }
 
   public hasLevelOrHigher(level: SecurityLevel): boolean {
@@ -22,6 +22,6 @@ export default class FindingArray extends ExtendedArray<Finding> {
       .values(SecurityLevel)
       .filter((v: string | SecurityLevel): v is SecurityLevel => typeof v === 'number')
       .filter((v: SecurityLevel): boolean => v >= level)
-      .some((v: SecurityLevel): boolean => this.findByProperty('level', v) != null)
+      .some((v: SecurityLevel): boolean => this.findByProperty('level', v) != null);
   }
 }

package/src/model/SendIf.ts

@@ -122,54 +122,54 @@ export enum SendIf {
 export function sendIfLogMessage(sendIf: SendIf): string {
   switch (sendIf) {
     case SendIf.SeverityCritical:
-      return 'No message sent: no findings with "Critical" severity.'
+      return 'No message sent: no findings with "Critical" severity.';
     case SendIf.SeverityHigh:
-      return 'No message sent: no findings with "High" severity.'
+      return 'No message sent: no findings with "High" severity.';
     case SendIf.SeverityHighOrHigher:
-      return 'No message sent: no findings with "High" or higher severity.'
+      return 'No message sent: no findings with "High" or higher severity.';
     case SendIf.SeverityMedium:
-      return 'No message sent: no findings with "Medium" severity.'
+      return 'No message sent: no findings with "Medium" severity.';
     case SendIf.SeverityMediumOrHigher:
-      return 'No message sent: no findings with "Medium" or higher severity.'
+      return 'No message sent: no findings with "Medium" or higher severity.';
     case SendIf.SeverityLow:
-      return 'No message sent: no findings with "Low" severity.'
+      return 'No message sent: no findings with "Low" severity.';
     case SendIf.SeverityLowOrHigher:
-      return 'No message sent: no findings with "Low" or higher severity.'
+      return 'No message sent: no findings with "Low" or higher severity.';
     case SendIf.SeverityNone:
-      return 'No message sent: no findings with "None" severity.'
+      return 'No message sent: no findings with "None" severity.';
     case SendIf.SeverityNoneOrHigher:
-      return 'No message sent: no findings with "None" or higher severity.'
+      return 'No message sent: no findings with "None" or higher severity.';
     case SendIf.SeverityUnknown:
-      return 'No message sent: no findings with "Unknown" severity.'
+      return 'No message sent: no findings with "Unknown" severity.';
     case SendIf.SeverityUnknownOrHigher:
-      return 'No message sent: no findings with "Unknown" or higher severity.'
+      return 'No message sent: no findings with "Unknown" or higher severity.';
     case SendIf.LevelError:
-      return 'No message sent: no findings with "Error" level.'
+      return 'No message sent: no findings with "Error" level.';
     case SendIf.LevelWarning:
-      return 'No message sent: no findings with "Warning" level.'
+      return 'No message sent: no findings with "Warning" level.';
     case SendIf.LevelWarningOrHigher:
-      return 'No message sent: no findings with "Warning" or higher level.'
+      return 'No message sent: no findings with "Warning" or higher level.';
     case SendIf.LevelNote:
-      return 'No message sent: no findings with "Note" level.'
+      return 'No message sent: no findings with "Note" level.';
     case SendIf.LevelNoteOrHigher:
-      return 'No message sent: no findings with "Note" or higher level.'
+      return 'No message sent: no findings with "Note" or higher level.';
     case SendIf.LevelNone:
-      return 'No message sent: no findings with "None" level.'
+      return 'No message sent: no findings with "None" level.';
     case SendIf.LevelNoneOrHigher:
-      return 'No message sent: no findings with "None" or higher level.'
+      return 'No message sent: no findings with "None" or higher level.';
     case SendIf.LevelUnknown:
-      return 'No message sent: no findings with "Unknown" level.'
+      return 'No message sent: no findings with "Unknown" level.';
     case SendIf.LevelUnknownOrHigher:
-      return 'No message sent: no findings with "Unknown" or higher level.'
+      return 'No message sent: no findings with "Unknown" or higher level.';
     case SendIf.Always:
-      return 'Message always sent.'
+      return 'Message always sent.';
     case SendIf.Some:
-      return 'No message sent: findings are not found.'
+      return 'No message sent: findings are not found.';
     case SendIf.Empty:
-      return 'No message sent: some findings are found.'
+      return 'No message sent: some findings are found.';
     case SendIf.Never:
-      return 'No message sent: sending is disabled.'
+      return 'No message sent: sending is disabled.';
     default:
-      return 'Unknown SendIf value.'
+      return 'Unknown SendIf value.';
   }
 }